Security is a growing concern in the digital age. Passwords and “secret” or confidential numbers (e.g., credit card numbers, account numbers, personal identification numbers (PINs)) are frequently lost or become known to third parties. Once these passwords or confidential information are no longer secret, various villains may use them to access a user's accounts and, for example, steal money, assets, or corporate secrets. Further, with the financial transaction process automated, the removal of information or money from an unfortunate victim's account may occur substantially instantaneously after the victim's password has become known to the villain.
One way to acquire a user's password or other confidential information is by the use of a fake or fraudulent web page. For example, a criminal may create a web site (e.g., www.chasse.com) that looks exactly or at least convincingly like an actual bank or credit card site (e.g., www.chase.com). A user, for example due to a typo when entering a web address, may arrive at the fake site and think they are actually using the proper legitimate site. This user may unsuspectingly enter their confidential information (e.g., username and password, credit card number). This fake site may then respond that the password is incorrect, while simultaneously using the user's password and username to access the legitimate site and steal the user's money. In some instances, to increase security, a user may also be given a hardware or software tool that pseudo-randomly generates a one-time password. This one-time password is usually valid for a few seconds. However, in an automated process a few seconds is more than enough time for a criminal to fraudulently access the user's accounts using that captured one-time password. Such techniques are generally referred to as “phishing.”
Keyloggers are another means of obtaining a user's confidential information (e.g., username, password). A keylogger, as the name suggests, generally records keys which are typed by a computer user. These keystrokes may (and often do) contain passwords or PINs for financial institutions, thus compromising the user's data. As described above, this can result in stolen funds or data. Some common keyloggers are software-based and report typed keystrokes via a network (such as the internet). Often, these software keylogger programs may be installed on a user's computer system via a virus or Trojan horse-style attack. Conversely, hardware-based keyloggers (such as at an Automatic Teller Machine (ATM) terminal) may require the stolen or logged data to be collected manually.
It is understood that the above are merely a few illustrative examples of means to breach or compromise a user authentication system or a secure communication in general. These examples are not intended to be exhaustive as the means of breaching a secure communication are legion and new schemes are constantly being devised.